Jul 31, 2023 - 4.22.2-2023073101

New

  • Pro: We added functionality for scheduling backups, creating execution limits, and setting retention policies on the backups page. See documentation here.

Improved

  • Pro: We added an 'Auto' selection to payload dropdowns to pick the most appropriate payload type automatically.

  • PR 17681 - This PR adds a new datastore option for Jenkins home directory to the jenkins_gather module.

  • PR 18096 - Updates the LDAP query module and the Kerberos authentication support for WinRM/MSSQL/SMB/LDAP/etc to now work in conjunction with the user's set Proxies datastore value, i.e. set Proxies socks5:127.0.0.1:1080.

Fixed

  • Pro: We corrected table select-all population of various action forms.

  • PR 18187 - Fixes a crash when running Ruby 3.3.0-preview1 with modules that used invalid syntax when packing or unpacking binary data.

  • PR 18213 - This fixes a bug in the evasion/windows/syscall_inject module that was caused by an uninitialized variable.

  • PR 18225 - This PR fixes multiple missing and invalid references in modules.

Modules

  • PR 18142 - This PR adds a WordPress exploit that makes use of the WordPress File Manager Advanced Shortcode 2.3.2 plugin to gain unauthenticated Remote Code Execution through shortcode.

  • PR 18173 - This PR adds a module for CVE-2023-32315, a remote code execution vulnerability in all versions of Openfire that have been released since April 2015, starting with version 3.10.0. Patched versions are 4.7.5+, 4.6.8+, and 4.8.0+.

  • PR 18182 - This PR adds an auxiliary module that takes advantage of CVE-2023-26876 to retrieve the username and password hash from Piwigo v.13.5.0 and earlier.

  • PR 18199 - This adds an exploit module that leverages a pre-authenticated command injection vulnerability in VMware Aria Operations for Networks (vRealize Network Insight). Versions from 6.2 to 6.10 are vulnerable and this has been identified as CVE-2023-20887. The module bypasses the reverse proxy that protects access to the Apache Thrift RPC interface and executes arbitrary commands on the underlying operating system as the root user.

Offline Update

Metasploit Framework and Pro Installers